Systemd Vulnerability Could Lead to a Denial-of-Service Attack

Linux systems are generally considered more secure than Windows, but that doesn’t mean attackers only exploit flaws found in Windows and other products. They always keep an eye out for vulnerabilities they can use to attack affected systems. Researchers found a vulnerability in systemd that could lead to a denial-of-service attack on many Linux distributions.

Systemd is a powerful suite of basic building blocks for a Linux system. It manages various aspects of the system, such as starting services, running core programs, starting daemons on demand, tracking processes, maintaining mount and unmount points, controlling basic system configuration, managing the list of logged-in users, running virtual machines, system accounts and more.

The vulnerability, CVE-2017-15908, was first discovered by the Trend Micro team in July 2017, and they reported the flaw via the Zero Day Initiative. The same flaw was detected by an independent researcher in October 2017.

An attacker can exploit this systemd vulnerability by getting a vulnerable Linux system to send a DNS query to a DNS server controlled by the attacker. When the DNS server returns a specially crafted response, systemd enters an infinite loop that drives the affected system’s CPU usage to 100%. The attacker could use multiple methods to carry out this malicious activity. With physical access to the affected system, the attacker could visit a particular domain that he controls.

During the analysis of systemd vulnerability CVE-2017-15908, it was found that new functions and features have been added to DNS. One of the new resource record types added in the DNS Security Extensions (DNSSEC) is the NSEC record, as defined in RFC 4034.

The Trend Micro research team tested the vulnerability by creating a custom DNS server that would respond maliciously. The proof of concept was published, with a screenshot showing that the reply contained an NSEC record designed to trigger the vulnerability.
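An NSEC record carries a type bitmap field (RFC 4034, section 4.1.2) that a resolver has to parse from untrusted replies, so the parser needs bounds checks and a loop that always makes forward progress. The following is an added example, not code from systemd or from the Trend Micro report; the names `parse_nsec_type_bitmaps`, `NsecBitmapError`, `PSEUDO_TYPES` and `SAMPLE` are hypothetical, and the sample bytes are constructed from the RFC's wire layout.

```python
# Added example (not systemd's code): strict parser for the NSEC type bitmap
# field laid out in RFC 4034 section 4.1.2. All sample bytes are constructed.

# Meta/pseudo types (OPT, TKEY, TSIG, IXFR, AXFR, MAILB, MAILA, ANY) never
# appear in zone data; RFC 4034 says such bits are ignored when read.
PSEUDO_TYPES = {41, 249, 250, 251, 252, 253, 254, 255}


class NsecBitmapError(ValueError):
    """Raised when the type bitmap violates the RFC 4034 wire format."""


def parse_nsec_type_bitmaps(data):
    """Return the list of RR type numbers set in an NSEC type bitmap field."""
    types, pos, last_window = [], 0, -1
    while pos < len(data):  # pos strictly increases on every pass, so this ends
        if len(data) - pos < 2:
            raise NsecBitmapError("truncated window block header")
        window, length = data[pos], data[pos + 1]
        pos += 2
        if window <= last_window:
            raise NsecBitmapError("window blocks not in increasing order")
        if not 1 <= length <= 32:
            raise NsecBitmapError("bitmap length %d outside 1..32" % length)
        if len(data) - pos < length:
            raise NsecBitmapError("bitmap runs past the end of the field")
        bitmap = data[pos:pos + length]
        pos += length
        if bitmap[-1] == 0:
            raise NsecBitmapError("trailing zero octet must be omitted")
        for index, octet in enumerate(bitmap):
            for bit in range(8):  # bit 0 is the most significant bit
                if octet & (0x80 >> bit):
                    rrtype = window * 256 + index * 8 + bit
                    if rrtype not in PSEUDO_TYPES:
                        types.append(rrtype)
        last_window = window
    return types


# Constructed sample: window 0 holds A(1), MX(15), RRSIG(46), NSEC(47);
# window 4 holds TYPE1234 (26 zero octets, then 0x20 in the 27th octet).
SAMPLE = bytes.fromhex("000640010000000304" + "1b" + "00" * 26 + "20")

if __name__ == "__main__":
    print(parse_nsec_type_bitmaps(SAMPLE))
```
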

There are no reports of attacks against this systemd vulnerability, yet it is recommended to apply the recently released patch. Patches for Ubuntu are available for the two affected versions, Ubuntu 17.10 and 17.04. Update your system to resolve the issue.